gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c9f22f4e55a67516cc4690dd9afebbdd8cb708b9
trivy/pkg/detector/library/maven/compare.go
Teppei Fukuda c9f22f4e55 feat(java): support jar/war/ear (#837) 
* refactor(server): remove Detect endpoint

* refactor(library): do not use interface

* refactor: add dbtest package

* test: add bolt fixtures

* feat: support jar scanning

* refactor: rename node to npm

* refactor: fix lint issues

* test(maven): remove some tests

* chore(mod): update fanal

* docs: update README

* chore(mod): update trivy-db

* fix(library/drive): add ecosystem

* fix: do not display 0 vulnerabilities

* refactor(table): split method

* Update README.md (#838)

* fix(app): increase the default value of timeout (#842)

* feat(maven): use go-mvn-version

* test(maven): update tests

* fix(scan): skip files and dirs before vulnerability detection

* fix: display log messages only once per type

* docs(README): add file suffixes

* chore(mod): update go-mvn-version

* feat(log): set go-dep-parser logger

* chore(mod): update fanal

* docs: update README

* docs(README): add java source

* test(maven): fix invalid case
2021-02-14 18:19:42 +02:00

34 lines
992 B
Go
Raw Blame History

package maven
import (
"golang.org/x/xerrors"
version "github.com/masahiro331/go-mvn-version"
dbTypes "github.com/aquasecurity/trivy-db/pkg/types"
"github.com/aquasecurity/trivy/pkg/detector/library/comparer"
)
// Comparer represents a comparer for maven
type Comparer struct{}
// IsVulnerable checks if the package version is vulnerable to the advisory.
func (n Comparer) IsVulnerable(ver string, advisory dbTypes.Advisory) bool {
return comparer.IsVulnerable(ver, advisory, n.matchVersion)
}
// matchVersion checks if the package version satisfies the given constraint.
func (n Comparer) matchVersion(currentVersion, constraint string) (bool, error) {
v, err := version.NewVersion(currentVersion)
if err != nil {
return false, xerrors.Errorf("maven version error (%s): %s", currentVersion, err)
}
c, err := version.NewConstraints(constraint)
if err != nil {
return false, xerrors.Errorf("maven constraint error (%s): %s", constraint, err)
}
return c.Check(v), nil
}
Reference in New Issue View Git Blame Copy Permalink